It looks like all Meta/Facebook sites are blocked.
Meaning no Meta, no Facebook, no Insta, no WhatsApp, etc.
However, LinkedIn, Twitter, YouTube, TikTok, etc., are all working as expected.
If switched to another router (with the same DNS server), it also works as expected.
I also disabled the IDS/IPS, GeoIP, WAF, Proxy, etc - meaning just the classical L4 firewall.
Nothing seems to work => I'm running out of options here.
Any suggestions where to look?
No idea, except check that "Blocklist.site Facebook" in Services > Unbound DNS > Blocklist isn't selected.
Quote from: cynicalApples7 on January 11, 2023, 09:45:53 PM
No idea, except check that "Blocklist.site Facebook" in Services > Unbound DNS > Blocklist isn't selected.
Thank you for the quick response.
No - not selected. In fact the block-list option is disabled.
To troubleshoot this issue, you can try changing the DNS server settings on the affected router to a different provider. You can use a public DNS service like Google DNS (8.8.8.8 or 8.8.4.4) or Cloudflare DNS (1.1.1.1 or 1.0.0.1). If this resolves the issue, then it's likely that the previous DNS server you were using was blocking access to the sites.
Alternatively, you can try flushing your DNS cache on the affected router. This will clear any stored DNS records and force the router to retrieve new records from the DNS server. You can do this by logging into the router's web interface and navigating to the appropriate section for flushing the DNS cache.
Also, it's possible that they may be blocked in your region or by your internet service provider. This could be due to government censorship or other reasons.
However, since you mentioned that other social media sites such as LinkedIn, Twitter, YouTube, and TikTok are working fine, it's possible that the issue is not related to your internet connection or device. It could be worth trying to access the blocked sites using a VPN or proxy server, as this could help you bypass any regional restrictions. VPN didn't let me access my LinkedIn extension (https://www.globaldatabase.com/how-to-know-if-a-company-or-employee-with-a-linkedin-profile-is-legit) and the website itself didn't work properly.
OPNsense doesn't filter what apps/websites you could use by default. There's either a blocklist enabled within Unbound settings or your DNS provider (at least the one you've configured in OPNsense) for some reason has a blocklist.
I had the same problem which I resolved by disabling syncookie:
Firewall->Settings->Advanced->Enable syncookies = none
See my post https://forum.opnsense.org/index.php?topic=34237.0
Quote from: sja1440 on May 28, 2023, 03:11:35 PM
I had the same problem which I resolved by disabling syncookie:
Firewall->Settings->Advanced->Enable syncookies = none
See my post https://forum.opnsense.org/index.php?topic=34237.0
Sorry for the late response... :)
But this one made it work - and also solved a few other minor issues.
syncookies never is the default. Is there something in particular that had made you change it originally?